Details of VAR-202207-0708

ID

VAR-202207-0708

CVE

CVE-2022-33701

TITLE

Samsung KnoxCustomManagerService Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-70738

DESCRIPTION

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. Samsung KnoxCustomManagerService is a security solution based on the open source Android platform of Samsung (Samsung) in South Korea. It can comprehensively enhance security by combining physical means and software system, and is perfectly compatible with Android and Google ecosystems. Individual employees bring industry-leading enterprise mobility security solutions. An access control error vulnerability exists in Samsung KnoxCustomManagerService that stems from the lack of protection for broadcast intents in KnoxCustomManagerService. An attacker could exploit this vulnerability to call PowerManaer.goToSleep by sending a broadcast intent

Trust: 1.53

sources: NVD: CVE-2022-33701 // CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-70738

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-70738 // NVD: CVE-2022-33701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33701
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33701
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-70738
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1011
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33701
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33701
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-70738
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33701
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33701
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701 // NVD: CVE-2022-33701

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2022-33701

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1011

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1011

PATCH

title:	Patch for Samsung KnoxCustomManagerService Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356731	Trust: 0.6
title:	SAMSUNG Mobile devices Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200400	Trust: 0.6

sources: CNVD: CNVD-2022-70738 // CNNVD: CNNVD-202207-1011

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33701	Trust: 2.3
db:	CNVD	id:	CNVD-2022-70738	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1011	Trust: 0.6
db:	VULMON	id:	CVE-2022-33701	Trust: 0.1

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33701	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33701/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/829.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-70738 // VULMON: CVE-2022-33701 // CNNVD: CNNVD-202207-1011 // NVD: CVE-2022-33701

SOURCES

db:	CNVD	id:	CNVD-2022-70738
db:	VULMON	id:	CVE-2022-33701
db:	CNNVD	id:	CNNVD-202207-1011
db:	NVD	id:	CVE-2022-33701

LAST UPDATE DATE

2024-08-14T13:53:11.423000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-70738	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33701	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1011	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-33701	date:	2023-07-21T17:47:31.997

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-70738	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33701	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1011	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33701	date:	2022-07-12T14:15:17.933